Friday, June 22, 2007

Schools warn of abuse risk from IT database

The Guardian are sensibly highlighting a letter from Ross Anderson (FIPR), Becky Hogge (ORG), Terri Dowty (ARCH), Simon Davies (Privacy International) and Jonathan Shephard (Independent Schools Council). I hope Ross and co. don't mind me quoting them in full here. It is incredibly important that their views on ContactPoint aka the Children's Index database get the widest possible exposure.

"In the coming weeks, parliament will be asked to pass regulations which will allow at least 330,000 users access to detailed and sensitive information on 11 million children, with no evidence that the system proposed can be secured.

Unless the system - called ContactPoint - is secure, the result will be that sensitive information will fall into the hands of potential abusers of children and traders of information. As the proposals stand, the dangers of user-abuse and hacking have not been quantified. The problems of a potentially leaky system must be solved before the plan gets any further. Once contracts are placed with IT firms, commercial confidentiality will come into play and the public won't know how adequate the system is until the stories of misuse and abuse appear.

The government acknowledges the risks by instituting protocols to "shield" details of celebrity and vulnerable children. But all children are potentially vulnerable to misuse of information, and the potential for this is enormous. Evidence presented last year to the management board of the Leeds NHS Trust showed that in one month the 14,000 staff logged 70,000 incidents of inappropriate access. On the basis of these figures, misuse of ContactPoint could run to 1,650,000 incidents a month. Is this going to protect children?

Before it's too late, we ask the government to reconsider this hugely expensive and intrusive scheme. It would not have helped Victoria Climbié, and it will put far more children at risk."